Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/4/2011
11:51 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Epsilon Email Hack Exposes Bank, Business Customers

Capital One, Brookstone, JP Morgan Chase, and TiVo have issued warnings to their customers, and presumably other Epsilon clients have as well.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The email system of an online marketing firm serving many major consumer brands has been breached, prompting its clients to issue warnings to consumers.

Epsilon issued a statement on Friday saying that its email system had been accessed without authorization on March 30 and that a subset of its clients' customer data had been exposed.

"The information that was obtained was limited to email addresses and/or customer names only," the company said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."

The marketing company's clients include Ameriprise Financial, Best Buy, Brookstone, Capital One, Citi, Disney Destinations, Home Shopping Network, JP Morgan Chase, Kroger, LL Bean Visa Card, McKinsey & Company, New York & Company, Ritz-Carlton Rewards, TiVo, US Bank, and Walgreens, among others.

While the exposed data -- email addresses and customer names -- isn't as sensitive as credit card or social security numbers, Epsilon's clients have nonetheless notified their customers.

The risk is that an attacker could craft a more convincing malicious message by leveraging the knowledge of the target's actual relationships with affected businesses, according to security firm Rapid7.

Capital One, for instance, said it had been notified about the breach and urged customers to be wary of targeted phishing attacks.

"Customers are reminded to ignore emails asking for confidential account or log-in information and remember that familiar looking links in an email can redirect to a fraudulent site," the company said. "If you get an email that claims to be from us but you aren't sure, or you think it's suspicious, don't click any of the links."

Brookstone, JP Morgan Chase, and TiVo have issued similar warnings, and presumably other Epsilon clients have as well.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Axle S
50%
50%
Axle S,
User Rank: Apprentice
8/10/2015 | 11:59:27 AM
truth
Well all of this is interesting but keeping in
mind that people who go through all the trouble of
obtaining your personal information intend to use
it in illegal ways. Once one takes the risk of
breaking the law and committing a crime, there is
pretty much no way to protect yourself. All the
precautions in this blog may help against amateur
hackers, but in reality one's accounts and
passwords can be obtained in much simpler ways. I
have experience with computer viruses and
especially phishers and keyloggers and anyone
reading this article should understand that it is
almost impossible to stay 100% protected if you
engage in online banking or shopping using credit
card or other services such as Paypal. Any
skillful programmer will be able to tell you that
antivirus programs cannot detect all viruses and
some can be stealthy and you wont know anything
while every keystroke on your keyboard is being
electronically recorded and uploaded to someones
server. I only know of the ways I have come in
contact with to obtain access to someones
computer, but creative hackers are coming up with
newer and newer security breaches. Even a small
popup on your web browser could in reality launch
a stealthy virus of some sort on your computer.
All this might be frightening and most computer
users dont undersand the danger they put their
private information in when they for instance shop
online or check their bank accounts. There are an
unthinkable amount of ways to infect someones
computer but there is only a few ways to protect
oneself. Perhaps the best, but also somewhat
annoying and time consuming, is to install a
separate operating system on your computer to use
for banking and entering confidential information
such as credit card number to purchase something
from an electronic store. I recommend the [email protected]
anon9140497729
50%
50%
anon9140497729,
User Rank: Apprentice
12/23/2013 | 9:14:35 PM
Hacking solutions


My team & I offer the best hacking services.We can hack or recover any email id,mobile phone,FACEBOOK & website servers & grant our clients access..We always provide proof before payment so you know you are not being ripped off.Send me a mail "[email protected]".We try to reply every client ASAP & execute the project in the quickest time-frame possible.


Need to obtain a lost email? Got that girlfriend that you are suspicious of cheating? The team at [email protected] can solve your problems and your email needs! Just send them an email.
x.x
50%
50%
x.x,
User Rank: Apprentice
6/23/2012 | 7:11:32 AM
re: Epsilon Email Hack Exposes Bank, Business Customers
My team & I offer hacking services.We can hack/recover any email id,FACEBOOK & website servers & grant our clients access..We always provide proof before payment so you know you are not being ripped off.Send me a mail "[email protected]".We try to reply every client ASAP & execute the project in the quickest time-frame possible.
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28048
PUBLISHED: 2021-04-14
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-28157
PUBLISHED: 2021-04-14
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.
CVE-2021-26030
PUBLISHED: 2021-04-14
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page
CVE-2021-26031
PUBLISHED: 2021-04-14
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
CVE-2021-27710
PUBLISHED: 2021-04-14
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system funct...